JB-59 Authentication information should be stored in database.

[iipolovinkin]

http://habrahabr.ru/post/203318/ don't break unit tests :-) Desicion: use AuthenticationProvider implementation. https://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/reference/htmlsingle/#core-services current configuration:

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="admin" password="pass" authorities="ROLE_ADMIN,ROLE_USER"/>
                <user name="user1" password="1111" authorities="ROLE_USER"/>
                <user name="user2" password="2222" disabled="true" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>